
The IDPS must employ cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.


Overview

Finding ID: SRG-NET-000219-IDPS-000176
Version: SRG-NET-000219-IDPS-000176
Rule ID: SRG-NET-000219-IDPS-000176_rule
IA Controls: (none listed)
Severity: Medium
Description
It is imperative that the authentication process and the transmission of network management traffic implement cryptographic modules adhering to the standards approved by the federal government. If approved encryption and/or hashing methods are not used during the authentication process, malicious users can gain knowledge of passwords and other configuration information by sniffing IDPS traffic on the network. FIPS-validated or NSA-approved cryptographic modules must be used by the IDPS whenever cryptographic protection is required.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text (C-43320_chk)
Verify a FIPS-validated or NSA-approved cryptographic module is installed and configured on the IDPS components to protect transmissions and data in storage when required by policy.

If cryptography that is not FIPS-validated or NSA-approved is used by the IDPS to protect data in transit or in storage, this is a finding.
Fix Text (F-43320_fix)
Install and configure the IDPS components to use a FIPS-validated or NSA-approved cryptographic module to protect transmissions and data in storage where required by policy.